Friday, November 20, 2015

PERFECT: The IRS Says You Can’t Sue Them Unless They Say You Can

Department of Justice lawyers claimed Wednesday the IRS cannot be sued for damages by the estimated 330,000 taxpayers victimized by hackers who earlier this year breached the federal tax agency’s computer files.

Plaintiffs Becky Welborn and Wendy Windrich’s claim of damage under the Privacy Act and the Administrative Procedures Act cannot be pursued because the doctrine of Sovereign Immunity, which holds the federal government immune to damage claims unless it agrees to such litigation.

Without such an agreement from the IRS, the federal courts have no jurisdiction over the damage claim filed by Welborn and Windrich, according to Justice Department lawyers.

The government’s lawyers also argued in the U.S. District Court for the District of Columbia that the tax agency can only be sued on claims involving alleged violations of the IRS tax code’s privacy provisions to protect the confidentiality of documents submitted by taxpayers.

In addition, “their alleged injuries — in general terms, the future threat of a cybersecurity breach and the voluntarily incurred costs intended to prevent future theft — are not sufficient to establish an imminent injury that is certainly impending,” the government argued, according to Law360.

Welborn and Windrich were participants in the IRS’s online “Get Transcript” service that allows taxpayers to access their tax information and tax returns from prior years. Participants must answer a series of unique questions about themselves and their financial affairs before the system allows them to login.

But the hackers compromised the system and gained access to the Social Security numbers, current and past W-2s, tax returns, personal identification data like home addresses and details about financial assets and debts of more than 330,000 taxpayers and businesses.

The IRS did not publicly admit the hack had taken place until April, at least two months after the government’s computer files were breached.

“What should have been a trustworthy digital service had been compromised and is yet the latest sign that the U.S. government cannot be relied upon to keep the personal data of its citizens safe,” Welborn and Windrich said in their complaint. “As custodians of taxpayer information, the IRS has an obligation to protect the confidentiality of sensitive information against unauthorized access or loss.”

The IRS hacking was among many in recent months, including breaches of the federal government’s central personnel data file maintained by the U.S. Office of Personnel Management (OPM). The OPM breach compromised personal and financial information on millions of current and retired civil servants and their families.